Posted
by
kdawson
on Wednesday December 12, 2007 @02:33AM
from the give-me-your-money-or-give-me-your-time dept.

coondoggie writes "The Federal Trade Commission and seven states have charged a payment processor with violating federal and state laws by debiting, or attempting to debit, from consumers' bank accounts on behalf of numerous fraudulent telemarketers and Internet-based merchants. Between June 2004 and March 2006, the payment processing company, Your Money Access, processed more than $200 million in debits and attempted debits to consumers' bank accounts. More than $69 million of the attempted debits were returned or rejected by consumers or their banks for various reasons, indicating the lack of consumer authorization, the FTC complaint alleges."

With most merchant accounts offering 99% approval rates, if your company falls in the other 1%, it probably can't accept cards anyway (due to the type of business or other factors, or you're just plain shady). I feel bad for the people defrauded by the merchants who used this processor.:(

In general, I think the answer is that you don't . . . but the banks and the Feds do, and you can bet they keep records and track trends. Nearly 35% unauthorized charges implies that perhaps this processor is specifically courting fraudulent businesses, and is at the least not doing whatever vetting and verifying it's supposed to be.

It shouldn't take that long to find out fraud is going on with a company with a charge-back rate higher then 25%. Why the heck wouldn't the credit cards cut off the tap and mitigate their damages? It seems sort of foolish to me.

Well, it is kinda tiny in credit-company terms . . . $100 mil in a year is a drop in the bucket. Size probably kept it off the priority list, even if the rate did blip their radar. Now with a two year record, it's a really solid case to bring, creating a nice precedent-hammer to expedite further such cases and scare similar operators out of the business.

Yup. 35% chargebacks is the kind of thing that Visa/MC would shut down in a matter of hours.It is such a royal bitch to launch a legit credit-card processor, thanks to all the irritating rules to cover up the flaws created by the cards themselves. The credit companies make a ton of money by defrauding both the client and the merchants, with a whole assortment of fees and fines, but they're in a position where it's near-impossible for a a retailer to refuse credit cards without losing most of your business

Re: your last statement: I doubt it. It would be a good idea, yes . . . but consumers are easy prey for credit debt precisely because they like the illusion of free money and the ability to spend what they don't have. As you said, "The only reason these companies thrive is because people suck at finances." - A debit-based system would require them to be able to pay immediately for everything, which would in the long run save them tons of money, bu

Buddy, I sell porn, and I hate the credit companies. If the porn industry (on all levels) stops accepting credit cards in favor of debit, people will switch to debit, and believe me, we want to! There are few things more insulting than paying fees to a credit processor who is constantly looking for excuses to ruin your business. It's not the merchants who are high-risk, it's the customers! A merchant could jump through a million hoops to ensure zero fraud, if a few of the buyers call in a fraudulent cha

Nope, those ones we fight back. The only way someone can (consistently) weasel their way out of a porn charge is to argue that their credit card info was stolen. That argument doesn't hold much water when the merchant can prove (via Geolocation) that the purchase was made from the cardholder's computer (or at least the same city/area). The fact that the guy's wife objects to his porn consumption does not undo the consumption nor the service provider's expense (bandwidth).If you buy a car, and your wife d

How often do you win chargebacks using Geolocation? My impression was that online service providers pretty much lose all of their chargeback cases, and it's even worse when porn is involved.How bad is your chargeback percentage anyways? Do you fly under the 1% radar? What percentage do you process in refunds?

Just curious, mind you. I used to work for a payment processor. As a rule we wouldn't take on gambling or porn (even turned down the Girls Gone Wild folks), though we took other dubious merchants w

Sorry, I mis-spoke. Clearly, as you say, it's not a credit card co. I'm just used to my debit and credit cards being handled by closely related companies (if I've read the fine print correctly), and so I lump them mentally and occasionally interchange them when it's really inappropriate. What I was intending by using the term "credit companies" was to include not just banks but any other (debit, but that got lost in the mental shuffle) card issuing financial services, and that's just what came out without f

No, because it's a different context. Shut the fuck up is usually when speaking directly to someone, shut the bugger up is used when talking about something to do to someone else (sorry for not knowing the grammatical terms for the differences *shrug*). Technically you could refer to someone as a 'fuck' if you wanted to, but it's a bit OTT for most cases.

If you didn't understand from the other replies, let me explain very simply; "the bugger" refers to a person, (probably in a mildly insulting but humorous manner). It's akin to saying "shut the asshole up" or "someone shut that asshole up".

Bollocks isn't remotely a replacement for "fuck" anyway- it's much milder, doesn't mean the same thing and isn't interchangable with "fuck" in the majority of situations.

Oh, and in a nice case of the pot calling the not-very-black-kettle black (*), I believe it was y

It was not my intention to start an American vs. Brit literary battle. Who would honestly suspect that anyone would believe the American literary tradition in any way compares to the British--outside of extension? I was trying to point to the fact that "shut the fuck up" is crass and meaningless in any sort of sensible discussion. I'll try to be less subtle next time.

It was not my intention to start an American vs. Brit literary battle. Who would honestly suspect that anyone would believe the American literary tradition in any way compares to the British--outside of extension?

You missed the point. When I said "Yeah, I'm a literary genius" I was being sarcastic (pretty obviously, I thought) and taking the piss out of *my own* clumsy attempt to rewrite a cliche for my own use. It had nothing directly to do with what I was saying to you.

Well, the summary seems to say that the merchants in this case were scammers. The feds may have wanted to back-trace / follow the money. It probably also took time to collect enough evidence for the case to proceed while not tipping off the accused.

Now, if the CC processor wasn't dirty, they'd eventually refuse to process charges from Bad Man, Inc., because he's obviously a fraud. But they are dirty, so they don't do anything. And if Bad Man, Inc. wasn't dirty he'd probably provide evidence to support his charges and try to get payment. But is his dirty, so he doesn't do anything.

At no point in that process does the CC company lose any money, other than a few minutes of telephone support time. They probably know that Bad CC Processor, LLC is dirty too, they just don't care. Obviously it would be good for their customers if they refused to accept charges from Bad CC Processor, LLC, but they aren't very motivated because, while they have to deal with some fraud reporting, they don't lose any money, don't really risk their reputation, and still get to process the successful 65% of charges that come in. If you've ever worked in a sales-oriented company, you'll know that it's essentially impossible to get sales to walk away from existing revenue streams, even if you could sustain a better profit margin on other types of business.

Except that in your example above, you orignal vendor has the cash already, before the dispute gets returned. THEN the processor can try to take it back, but if it's not in the account or get's rejected (think stop payment) then the processor is out the cash. If this happens too much the processor drops the merchant. But then again, they're both shady, and therefore probably just splitting the fees they do collect and the costs incurred.

There is a problem with your list at step 5. You are missing step 2(a), where CC company pays bad CC Processor, LLC. Bad guy has his money at the end of the day in most cases. Since they have already been paid, step 5 is more like:

5. Your CC company requests proof of transaction

6. Bad CC company provides tainted proof

[decision tree]

6(a). Your CC company calls the lawyers

6(b). Your CC company makes you prove that the charges are false

6(c). Your CC company decides (a) and (b) will cost more than just eating the cost

Guess what two they do the most? B and C. In credit cards, almost all of the risk is on the card issuer. The vendor has some slight risk, but only if they don't follow procedures. The card holder has very little risk since Visa and Mastercard force the issuers to pay if there is a dispute. The processor has zero risk.

For card-not-present fraud (such as internet purchases), the merchant wears the cost: if the cardholder complains of fraud, the issuing bank will issue a chargeback (assuming they believe the cardholder). The merchant will end up out of pocket, and will probably have to pay a penalty fee as well. That's why issuing banks don't care about online card fraud: they just pass the costs on to the merchants.

Because this was not credit card fraud. It was debit card fraud. Given that regular debit cards need a pin to access the account, it means that this was 'check card' fraud. I don't know why anyone would be surprised by this since Visa advertises that these cards are easy to commit fraud with. This was inevitable, and will only get worse until people start to raise a stink with their bank for trying to screw them by issuing 'check cards' instead of regular atm cards.

It always amazes me how many people think it's a good idea to carry a card that give access to their checking account with no pin, no id, and not even a signature.

Check cards require a PIN to get cash out of an ATM. They require a signature for purchases over $25 in most places. Most check cards are also now actually VISA or Mastercard backed... ie you can dispute the charge just like a credit card. In some respects they are really just credit cards secured by your bank account... you post a transaction via credit and it gets processed by VISA et al whom draws from your bank account to cover the charge.IMHO it's much better than cash if you like to have a paper trail

I'm not sure what you've been given by your bank.. but I've always been under the impression that there is no such card in existence (one that requires neither a pin nor a signature).A "debit card" (as issued by US banks at least) is merely an ATM card bearing a Visa or MasterCard logo. It can be used as a regular ATM card (with a pin), as a "check card" (again, by using a pin at the POS), and thirdly as a credit card (by signing the receipt).

And also, according to TFA, these were electronic debits. That means the consumer used the "Pay by check" option (Amazon and loads of merchants offer this now) and they ponied-up their routing number and account number.

If you chose to process your debit card as a credit card, thru the CC network, you get credit-card-like protections from fraud.

Not so. Debit cards have different pricing structures associated with their processing. Credit cards have federal banking laws which guide what can and can not be done. Debit cards do not fall under these same guide lines.

The reason debit cards are so popular with merchants is they tend to cost a lot less to process. The reason being, they tend to offer far less liability for the me

Any bank that issues a card with the Visa or MasterCard logo has agreed to meet or exceed the consumer protection policies of Visa or MasterCard. This is how it's ALWAYS been, debit card horror stories notwithstanding.

Either you did not read what you linked to, or you did not understand what it said. Yes, they gave their policy a secure sounding name, but if you read the policy, it is not even close to being "Zero Liability". The Astrix next to the name should have given you a clue that you should read the details a little more critically.

No, it's not "zero liability" for all transactions. In fact, that only applies to a few select types of fraud. For all other signature-based transactions, there's a $50 cap on liability. Last time I checked, that's the same liability cap on my Visa and MasterCard branded Credit Cards.

Perhaps YOU should've read the links and the linked-to liability policy?

I never said there was "zero liability." I said (twice, in fact) that the liability exposure was simply no greater than that of a credit card.

Of course you are STILL wrong. The peripheral liability caused by having insufficient funds in your in your checking account is dramatically greater than that of having a credit card maxed out. So, no there is not a $50 cap on liability. Saying that there is a $50 cap on liability is marketing speak. In fact what they mean is that there is a $50 cap on liability to your bank. The liability to other entities caused by insufficient funds does not have any cap at all.

"If you can point me to the spot where they agree to pay any and all bounced check fees/penalties, and all interest that is added to an account due to increased rates from a bounced check, I will concede defeat in this debate."

Since you never responded to the post where I did, in fact, point you to such a spot, I'm left to assume that your silence is your concession.

I just posted this below, but rather than make you actually scroll down, I figured I'd repost here for your convenience:

More FUD without anything to back it up.

Here's a more extensive excerpt from Visa. Emphasis mine.

" Visa's Zero Liability policy took effect April 4, 2000, and is a great improvement on the previous policy. The former policy required that you report fraudulent activity within two business days of discovery. After this two-day period, you could be held responsible for up to $50 of

Which is NOT all of the liability that is associated with fraudulent use of a 'check card'. What part of money not being in your checking account causing all sorts of peripheral liability don't you get?

This isn't a case of some people spreading FUD. It is a case of other people buying into marketing lies hook line and sinker.

I believe that Belial is attempting to point out the following series of actions:1. You have $10K in your day to day account (to which a Visa or Mastercard Debit card is attached).2. Your debit card number is used in a series of fraudulent transactions totalling $32,450.3. Your account is overdrawn, netting you a $30 fee from your bank.4. You dispute all the charges.5. You cannot pay your mortgage (and your salary is only beginning to make a dent on your debt to the bank). This costs you an extra $2000 in i

Yes. That is a dramatic version of what I meant. The biggest hit many people would take would be in that it is very common for credit cards to raise their interest rates from a very good 20% if you have a bounced payment. For all of those people that carry credit card debt, this can be a very expensive problem. But the numerous overdrafts and penalties from those that got the bad checks can easily add up to hundreds of dollars that is not covered by the zero liability*.

The problem here is that, according to Visa regulations, that $32,450 would be put back into your account within 5 CALENDAR days at the maximum. Moreover, MOST banks have a policy of crediting your account the balance within 24-48 hours. In fact, that's the policy of a few major banks I checked yesterday, including Chase, BoA, Citi and Wells Fargo. It turns out that MANY banks offer 24-hour replacement, including mine.Which means that your scenario would end at step 4.

Again, here's a cross-post. I want you to feel stupid as soon as possible, and by cross-posting I can ensure you feel stupid a couple seconds earlier than you otherwise would...

"Visa's cardholder protection policy requires all financial institutions issuing Visa products to extend provisional credit for losses from unauthorized card use within five business days of notification of the loss. However, many major financial institutions affiliated with Visa will issue provisional credit even earlier--within

" Visa's Zero Liability policy took effect April 4, 2000, and is a great improvement on the previous policy. The former policy required that you report fraudulent activity within two business days of discovery. After this two-day period, you could be held responsible for up to $50 of the unauthorized charges. With the new Zero Liability policy, you're no longer required to report fraudulent activity within

Really? You think? What are you on? Do you honestly believe the BS you're saying or are you just stupid?First of all, there are LOTS of bank issued *check cards* which have no affiliation with Visa or Mastercard. This is actually the majority as they are far more profitable. Second of all, go read what I said.

The only person looking silly here is you. And that's reinforced by your position as it's clear you're trying to ding me for speaking in absolutes where I clearly did not. I specifically did not. Even

2. I know you're not speaking in absolutes. That's because people like you who have no clue what they're talking about use language that's as general as possible to try to hide the fact that you have no clue what you're talking about.

3. And HERE'S where you look stupid again...

You talked out your ass and said...
". And I don't care what you think you read, they are not going to return it to you the day you

Looks like somebody got Mod Points today. Oh well. They'll be dinged in Meta-Moderation and anybody still reading this thread is going to read ALL the posts, not just those mod'ed >1.And i'm so thoroughly into Excellent Karma that it would take this guy and his 20 friends to REALLY do any damage.

I take this as sure proof that I spanked your ass SO HARD that this was the only recourse. I *LOVE* it.

Anytime, bro. Whenever you want to be put in your place, just let me know, I'm available. You can post drivel

Since some tool abused the moderation system, I've decided to re-post everything I wrote. This way it goes back to +2 and everybody can see it and enjoy my wit:)

God, this is so much fun.

1. I specifically said "a card with the Visa or MasterCard logo."

2. I know you're not speaking in absolutes. That's because people like you who have no clue what they're talking about use language that's as general as possible to try to hide the fact that you have no clue what you're talking about.

Since some tool abused the moderation system, I've decided to re-post everything I wrote. This way it goes back to +2 and everybody can see it and enjoy my wit:)

More FUD without anything to back it up.

Here's a more extensive excerpt from Visa. Emphasis mine.

" Visa's Zero Liability policy took effect April 4, 2000, and is a great improvement on the previous policy. The former policy required that you report fraudulent activity within two business days of discovery. After this two-day period, you

You seem to be confusing true debit cards (where you must enter a PIN, can get cash back, etc.) with the credit cards with immediate automatic payment. They're the same piece of plastic and appear to have the same behavior, but are actually very different things.In fact, that's why you'll often find modest fees associated with 'pin use'. If you use it as a credit card, normal credit card processing fees apply and (iirc) the bank gets a small cut as issuer. If you use it as a debit card, the bank has to t

They keep refering to "bank accounts" which implies to me that they have the routing number and account number. Most likely preying on people with bad credit who could not get Credit Cards

Defendants withdrew funds from consumers' bank accounts in one of two ways: by electronically debiting consumer bank accounts through the Automated Clearing House Network or by submitting checks and falsely representing that the consumers had approved them.

Yeah, and wire fraud or check fraud is a PITA too, since unlike credit or debit cards there is very little protection beyond what your bank feels like giving you. That's also why it took 2 years to get these guys I suspect.

I'm not sure about in America but here in Australia if someone tried to debit money from your account and it fails YOU the account holder get slugged a fee.I wonder if this was the case for all the failed unauthorized attempts...?

you wouldn't think so because what your talking about are dishonor fee's, and only get applied if there isn't enough money in your account.They can't charge you a fee for a fraudulent transaction, or if they did i'd be screaming blue murder all the way to the accc.

Around here, we have NSF (Non-sufficient-funds) fees, which basically say that if you write a bad cheque etc that gets rejected due to lack'o'cash, you get hit with an extra penalty. In this case, the transaction was perfectly legit on behave of the party requesting money, but the money just wasn't there to pay them.

The same does not apply to debits that have been rejected due to the requesting party having insufficient authority to make a withdrawal.

That's why credit cards are better than debit cards for cardholders.With debit cards when stuff happens, the money is gone from YOUR account.You then spend a lot of time and resources trying to get the money back.

With credit cards when stuff happens, the money is gone from someone else's account.You then contact the card company and say "Nope, I didn't buy that".

See how much the banks and FTC etc care about those fraudulent debits? Yes they care, but obviously not that much.

You're sort of right, but credit cards can be a bad thing if you share one with someone and the relationship is ending. At least with a debit card the worst they can do is empty your current account.My neighbor of a few years back had his wife walk out having spent tens of thousands on credit cards in the weeks before, *and* emptied his bank account for good measure (then demanded alimony, nice lady..). He never managed to get her to pay the card bills directly, but took all the money back as a 'shared expe

I agree, a debit card is a direct extension of cash, which means if it isn't on the account, it can't go anywhere. I even have a separate account from where I move money to the account connected to the card, just to avoid having all my savings in one stealable basket.

I have always refused to have an overdraft. I've had bank peoples get quite annoyed with me over the years about this, after all they like punters to be in debt, selling debt has always been a big money thing. One even issued me with a credit card once. I went to see the bank manager, gave him the card cut up into pieces, and said that if it happened again I'd close my account.

I am unique among the people I know in that I am the only person to go through

This might sound strange, but my parents* each have individual credit cards, not a group account.They both have excellent credit, so there's no problem with one not being able to get a card. From watching court tv, joint credit cards is a big way to get in trouble. Person A of reasonable financial management and income hooks up with person B of no financial management and no income. Person A lends, cosigns loans and credit cards because B can't get them, then wonders why B gets in trouble, overspends, an

When Apple Computer made a fraudulent charge to my debit card, it only took a phonecall to the bank and a mailing in of the form they sent me (postage already paid on the response envelope they sent me by the way). Sure enough, the money was gone from my account but it was back within 48 hours from picking up the phone, and of those 48 hours I spent 10 minutes actively working on the case. Not a lot of time spent, and no other resources spent except the ink for the form and the saliva for the envelope.

No, people just think they work differently because they've never read the documentation that comes with their debit cards. Really, debit cards generally have the same liability policies that credit cards have, although it's a little cheaper for the merchant because it's assumed that if you require someone to punch in a PIN to make the transaction then it's less likely to be fraudulent (the signatures on Credit Cards really don't offer much protection at all).

I'm fairly sure debit cards have the same protections here in the UK. That's why I asked if things worked differently.

On that topic I'm constantly amused by this one credit card firm that markets online fraud protection as one of their major features. I'm amused because all consumers are protected from that by law. As the gp said - people don't realise these things.

The money that isn't in your account comes back to you after a short delay. Maybe a couple of days, which is an inconvenience but not usually the end of the world.

It comes back because the bank are legally bound to give it back the moment you tell them that you didn't authorise that transaction. The bank also remove the bounced check and overdraft charges because what happened was their fault, not yours.

Yes, but the original poster made it sound like you'd be waiting weeks or months for the outcome of legal battles and tracking the money and stuff. You aren't. You tell the bank that the transactions were not authorised and they refund them. It may take 48 hours. 48 hours is an inconvenience but not the end of the world.

"The financial institution must promptly investigate an error and resolve it within 45 days. For errors involving new accounts (opened in the last 30 days), POS transactions, and foreign transactions, the institution may take up to 90 days to investigate the error. However, if the financial

There's a difference between "lost or stolen cards" and fraud liability.If you have lost your card you have some liability. If you have had it stolen you need to tell the company ASAP and have very minimal libaility. IMHO.

As for citations:

The Banking Code [64.233.183.104] which all UK banks are signed up to. Check out section 12.12

Admittedly this is a voluntary agreement and not backed by law, but it's a start.

The BBC [bbc.co.uk] say that the law states you are not liable for any fraud if you are still in posession of the card.

Sorry, I'm having difficulty finding the 2 days or 48 hours you claimed before, in the PDF you linked to. I don't even see any promise on any time limits on when you'd get your money back, or when the Bank would credit it back to you in good faith. As mentioned earlier - the US banks are supposed to do that within 10 days under normal circumstances.Even if what you claim is true it's still so hard to find I bet the UK bank staff themselves don't know of such a promise/law, so there's no guarantee in _practi

Oh, I'm sorry, I thought you were genuinely interested in this stuff, not just trying to be an asshole. I told you that my links weren't complete and I didn't have the time or energy to look for more. I invite you to look for yourself. No, the BBC are not a legal or banking institution. They are a British news source, and a very good one.Your closing comments are utterly ridiculous. You should only use debit cards where you can't get credit and cash is no option? What nonsense.

You were the one confidently telling people that they can use debit cards and if stuff happens, they can call the bank up and in two days they'll get their money back, no fuss and trouble.And now you imply I'm trying to be an asshole, when you can't even come up with any evidence backing your claims.

If things turn out not as rosy as you painted and people believed you, they might be rather "inconvenienced".

FWIW, I _am_ an asshole, I sometimes try not to be one, unfortunately I don't succeed often enough.

yeah, nice family friendly tagging there..On topic though, who on earth doesn't check to see whether what they are being billed for is what they actually owe? Ok some did, which is how they got caught, but obviously not everyone did.

I check all my bills every month, especially ones prone to change, like amazon/Audible/other online shopping orders and suchlike. I didn't always have to be so thorough, but there's this thing called the internet, and apparently not everyone on it is a cuddly bundle of trustwor

It seems some people are confused about the nature of the Automated Clearing House, and making very odd assumptions. Since some of this is due to a conflict in terminology, hopefully I can clear this up.
ACH is a big network. You might say it's really a collection of protocols and legal policies that allow banks and credit card companies to talk to each other. Every time you use your debit card in a non-branch office (like a Wells Fargo card in a Bank of America ATM), you're using ACH.
Now, I'm going to skip the in-depth network topology and give you the highlights. In short, the entire setup consists of Vendors attached to a Payment Processor , which are attached to ACH, which is responsible for routing a transaction from one ACH member to a Financial Institution (like a bank or credit card company).
Vendor->Payment processor->ACH->Financial Institution.
Now, why not have the Vendor connect to the FI directly? Well, each vendor would need a connection for every card. As in physical lines. That makes it expensive for everyone, and hit-or-miss for the consumer - what if they don't support YOUR card?
Okay, so, why not have the vendor connect to the ACH directly? Well, when you make a transaction on the ACH, there's no additional security. Basically, it's assumed that you have the authority to make the transaction, or you wouldn't be doing it. Imagine getting a credit card scanner and service for like 300$, quickly making several hundred thousand in fraudulent charges, and skipping the country. Generally speaking, you need to be an established business with accountability to be allowed to connect to the ACH - and that's where payment processors come in.
Oh, and quick terminology lesson. In ACH parlance:
A debit means "take money from an account"
A credit means "put money into an account"
They have nothing to do with credit cards, or debit cards, or anything of the sort.
Payment Processors, usually make money per transaction, or per connection time. Either way though, they profit from vendor transactions whether valid or not, so there's a good incentive to 'look the other way' with problem vendors.
So, this payment processor was following all the rules, but they're charging it as sort of an accessory to criminal acts by their customers. The states are saying that they knew these were invalid debits, but they processed them anyway, just to make money.
Technically it would be the vendors that have to suffer here, but the states are trying to hit every target they can, especially when busting a little work-out-of-your-house-2000$-laptop-scammer is not worth the money spent sending them to trial.